PT-2022-7642 · MongoDB · MongoDB Server

Kevin Pulo · Published 2022-08-08 · Updated 2025-05-16 · CVE-2024-8207

CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MongoDB Server versions prior to 5.0.14
MongoDB Server versions prior to 6.0.3

Description

The issue allows an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects environments with Linux as the underlying operating system.

Recommendations

For versions prior to 5.0.14, update to version 5.0.14 or later to resolve the issue.
For versions prior to 6.0.3, update to version 6.0.3 or later to resolve the issue.
As a temporary workaround, consider restricting access to the MongoDB server binary to minimize the risk of exploitation.

Related Identifiers

ALT-PU-2024-12981
ALT-PU-2024-13160
ALT-PU-2024-13256
ALT-PU-2024-15966
ALT-PU-2024-16016
ALT-PU-2024-16036
BDU:2024-07683
BIT-MONGODB-2024-8207
CVE-2024-8207

Affected Products

Alt Linux
MongoDB Server
MongoDB